Linux Netfilter / IP Tables Devel
[Prev Page][Next Page]
- [PATCH -stable,4.19.x 18/40] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention, (continued)
- [PATCH -stable,4.19.x 18/40] netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 20/40] netfilter: nf_tables: fix memleak when more than 255 elements expired, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 21/40] netfilter: nf_tables: unregister flowtable hooks on netns exit, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 22/40] netfilter: nf_tables: double hook unregistration in netns path, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 23/40] netfilter: nftables: update table flags from the commit phase, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 25/40] netfilter: nf_tables: disable toggling dormant table state more than once, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 24/40] netfilter: nf_tables: fix table flag updates, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 26/40] netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 4.19), Pablo Neira Ayuso
- [PATCH -stable,4.19.x 27/40] netfilter: nft_dynset: fix timeouts later than 23 days, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 28/40] netfilter: nftables: exthdr: fix 4-byte stack OOB write, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 29/40] netfilter: nft_dynset: report EOPNOTSUPP on missing set feature, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 30/40] netfilter: nft_dynset: relax superfluous check on set updates, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 31/40] netfilter: nf_tables: mark newset as dead on transaction abort, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 32/40] netfilter: nf_tables: skip dead set elements in netlink dump, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 34/40] netfilter: nft_set_rbtree: skip end interval element from gc, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 33/40] netfilter: nf_tables: validate NFPROTO_* family, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 35/40] netfilter: nf_tables: set dormant flag on hook register failure, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 36/40] netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate(), Pablo Neira Ayuso
- [PATCH -stable,4.19.x 37/40] netfilter: nf_tables: do not compare internal table flags on updates, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 39/40] netfilter: nf_tables: reject new basechain after table flag update, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 38/40] netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout, Pablo Neira Ayuso
- [PATCH -stable,4.19.x 40/40] netfilter: nf_tables: discard table flag update with pending basechain deletion, Pablo Neira Ayuso
- Re: [PATCH -stable,4.19.x 00/40] Netfilter fixes for -stable, Greg KH
- [PATCH nft 1/4] tests: shell: add dependencies to skip unsupported tests in older kernels,
Pablo Neira Ayuso
- [PATCH v6 net-next 07/15] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
- [iptables PATCH] man: recent: Adjust to changes around ip_pkt_list_tot parameter,
Phil Sutter
- [iptables PATCH] man: extensions: recent: Clarify default value of ip_list_hash_size,
Phil Sutter
- [iptables PATCH] ebtables: Include 'bitmask' value when comparing rules,
Phil Sutter
- let nftables indicate incomplete dissections,
Florian Westphal
- [PATCH nft,v2] monitor: too large shift exponent displaying payload expression, Pablo Neira Ayuso
- [PATCH nft,v2] cmd: skip variable set elements when collapsing commands, Pablo Neira Ayuso
- [PATCH nft] cmd: skip variable set elements when collapsing commands, Pablo Neira Ayuso
- [PATCH nf-next,v4 1/2] netfilter: nfnetlink_queue: unbreak SCTP traffic,
Pablo Neira Ayuso
- Testing stable backports for netfilter,
Harshit Mogalapalli
- [PATCH nft] cmd: provide better hint if chain is already declared with different type/hook/priority, Pablo Neira Ayuso
- [PATCH nft] monitor: too large shift exponent displaying payload expression, Pablo Neira Ayuso
- [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback,
Julia Lawall
- [PATCH v6.1] netfilter: nf_tables: use timestamp to check for set element timeout,
Kuntal Nayak
- [PATCH 1/2 v5.10] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV,
Kuntal Nayak
- [PATCH net-next 0/2] net: flow dissector: allow explicit passing of netns,
Florian Westphal
- [PATCH v5 net-next 07/15] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
- [PATCH nf] netfilter: Use flowlabel flow key when re-routing mangled packets,
Florian Westphal
- Re: [PATCH net v2 2/3] selftests: add selftest for the SRv6 End.DX4 behavior with netfilter,
Jakub Kicinski
- [PATCH nf-next] netfilter: nf_tables: missing objects with no memcg accounting, Pablo Neira Ayuso
- [PATCH nft] nf_tables: nft_inner: validate mandatory meta and payload netlink attributes, Davide Ornaghi
- [ANNOUNCE] ipset 7.22 released, Jozsef Kadlecsik
- [PATCH nft] Check for NULL netlink attributes,
Davide Ornaghi
- [PATCH nft] scanner: inet_pton() allows for broader IPv4-Mapped IPv6 addresses, Pablo Neira Ayuso
- [PATCH v4 net-next 06/14] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
- [PATCH nf] netfilter: restore default behavior for nf_conntrack_events,
Nicolas Dichtel
- [PATCH nf] netfilter: nf_reject: init skb->dev for reset packet,
Florian Westphal
[PATCH nftables] tests: shell: add test case for reset tcp warning, Florian Westphal
[PATCH nf-next] netfilter: nf_tables: rise cap on SELinux secmark context,
Pablo Neira Ayuso
Re: [syzbot] [netfilter?] [mm?] [usb?] INFO: rcu detected stall in addrconf_rs_timer (6), syzbot
[PATCH nf-next v2] netfilter: nf_conncount: fix wrong variable type,
Yunjian Wang
[PATCH net-next v1] netfilter: cttimeout: remove 'l3num' attr check,
Lin Ma
[syzbot] [fscrypt?] WARNING in fscrypt_fname_siphash,
syzbot
[PATCH v3 net-next 07/15] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
[PATCH v4 bpf-next 0/3] netfilter: Add the capability to offload flowtable in XDP layer,
Lorenzo Bianconi
[PATCH net] netfilter: nf_conncount: fix wrong variable type,
Yunjian Wang
[PATCH net 0/6,v3] Netfilter fixes for net,
Pablo Neira Ayuso
[PATCH nft 1/2,v2] cache: check for NFT_CACHE_REFRESH in current requested cache too,
Pablo Neira Ayuso
[nft PATCH] doc: drop duplicate ARP HEADER EXPRESSION,
谢致邦 (XIE Zhibang)
[PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb,
Donald Hunter
[PATCHv4 net-next 00/14] ipvs: per-net tables and optimizations,
Julian Anastasov
- [PATCHv4 net-next 08/14] ipvs: use resizable hash table for services, Julian Anastasov
- [PATCHv4 net-next 10/14] ipvs: show the current conn_tab size to users, Julian Anastasov
- [PATCHv4 net-next 12/14] ipvs: use more keys for connection hashing, Julian Anastasov
- [PATCHv4 net-next 14/14] ipvs: add conn_lfactor and svc_lfactor sysctl vars, Julian Anastasov
- [PATCHv4 net-next 01/14] rculist_bl: add hlist_bl_for_each_entry_continue_rcu, Julian Anastasov
- [PATCHv4 net-next 05/14] ipvs: do not keep dest_dst after dest is removed, Julian Anastasov
- [PATCHv4 net-next 13/14] ipvs: add ip_vs_status info, Julian Anastasov
- [PATCHv4 net-next 03/14] ipvs: some service readers can use RCU, Julian Anastasov
- [PATCHv4 net-next 11/14] ipvs: no_cport and dropentry counters can be per-net, Julian Anastasov
- [PATCHv4 net-next 06/14] ipvs: use more counters to avoid service lookups, Julian Anastasov
- [PATCHv4 net-next 04/14] ipvs: use single svc table, Julian Anastasov
- [PATCHv4 net-next 07/14] ipvs: add resizable hash tables, Julian Anastasov
- [PATCHv4 net-next 02/14] ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns, Julian Anastasov
- [PATCHv4 net-next 09/14] ipvs: switch to per-net connection table, Julian Anastasov
[PATCH nft 1/2] cache: check for NFT_CACHE_REFRESH in current requested cache,
Pablo Neira Ayuso
[PATCH net-next 0/5] net: constify ctl_table arguments of utility functions,
Thomas Weißschuh
[PATCH nft,v2] tests: shell: add vlan double tagging match simple test case, Pablo Neira Ayuso
[RFC PATCH v2 00/12] Socket type control for Landlock,
Mikhail Ivanov
- [RFC PATCH v2 01/12] landlock: Support socket access-control, Mikhail Ivanov
- [RFC PATCH v2 02/12] landlock: Add hook on socket creation, Mikhail Ivanov
- [RFC PATCH v2 03/12] selftests/landlock: Add protocol.create to socket tests, Mikhail Ivanov
- [RFC PATCH v2 04/12] selftests/landlock: Add protocol.socket_access_rights to socket tests, Mikhail Ivanov
- [RFC PATCH v2 05/12] selftests/landlock: Add protocol.rule_with_unknown_access to socket tests, Mikhail Ivanov
- [RFC PATCH v2 06/12] selftests/landlock: Add protocol.rule_with_unhandled_access to socket tests, Mikhail Ivanov
- [RFC PATCH v2 07/12] selftests/landlock: Add protocol.inval to socket tests, Mikhail Ivanov
- [RFC PATCH v2 08/12] selftests/landlock: Add tcp_layers.ruleset_overlap to socket tests, Mikhail Ivanov
- [RFC PATCH v2 09/12] selftests/landlock: Add mini.ruleset_with_unknown_access to socket tests, Mikhail Ivanov
- [RFC PATCH v2 10/12] selftests/landlock: Add mini.socket_overflow to socket tests, Mikhail Ivanov
- [RFC PATCH v2 11/12] selftests/landlock: Add mini.socket_invalid_type to socket tests, Mikhail Ivanov
- [RFC PATCH v2 12/12] samples/landlock: Support socket protocol restrictions, Mikhail Ivanov
- Re: [RFC PATCH v2 00/12] Socket type control for Landlock, Günther Noack
[PATCH libnetfilter_queue v2 00/15] Convert libnetfilter_queue to not need libnfnetlink,
Duncan Roe
- [PATCH libnetfilter_queue v2 01/15] src: Convert nfq_open() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 02/15] src: Convert nfq_open_nfnl() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 03/15] src: Convert nfq_close() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 05/15] src: Convert nfq_set_queue_flags(), nfq_set_queue_maxlen() & nfq_set_mode() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 04/15] src: Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 08/15] src: Incorporate nfnl_rcvbufsiz() in libnetfilter_queue, Duncan Roe
- [PATCH libnetfilter_queue v2 06/15] src: Convert nfq_handle_packet(), nfq_get_secctx(), nfq_get_payload() and all the nfq_get_ functions to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 07/15] src: Convert nfq_set_verdict() and nfq_set_verdict2() to use libmnl if there is no data, Duncan Roe
- [PATCH libnetfilter_queue v2 09/15] src: Convert nfq_fd() to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 10/15] src: Convert remaining nfq_* functions to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 11/15] src: Copy nlif-related files from libnfnetlink, Duncan Roe
- [PATCH libnetfilter_queue v2 12/15] doc: Add iftable.c to the doxygen system, Duncan Roe
- [PATCH libnetfilter_queue v2 14/15] include: Use libmnl.h instead of libnfnetlink.h, Duncan Roe
- [PATCH libnetfilter_queue v2 13/15] src: Convert all nlif_* functions to use libmnl, Duncan Roe
- [PATCH libnetfilter_queue v2 15/15] build: Remove libnfnetlink from the build, Duncan Roe
[PATCH] ipvs: Avoid unnecessary calls to skb_is_gso_sctp,
Ismael Luceno
[PATCH net 0/6,v2] Netfilter fixes for net,
Pablo Neira Ayuso
[PATCH] iptables: cleanup FIXME,
Michael Estner
[PATCH v3 bpf-next 0/3] netfilter: Add the capability to offload flowtable in XDP layer,
Lorenzo Bianconi
[PATCH bpf-next v4 1/2] net: netfilter: Make ct zone opts configurable for bpf ct helpers,
Brad Cowie
[PATCH v5 36/68] selftests/net: Drop define _GNU_SOURCE, Edward Liaw
[PATCH nf v2] netfilter: nft_fib: allow from forward/input without iif selector, Eric Garver
[PATCH] fix json output format for IPSET_OPT_IP,
Zhixu Liu
[PATCH bpf-next v2 0/4] netfilter: Add the capability to offload flowtable in XDP layer,
Lorenzo Bianconi
[PATCH net-next] netfilter: nft_fib: allow from forward/input without iif selector,
Eric Garver
[iptables PATCH] extensions: libxt_sctp: Add an extra assert(),
Phil Sutter
[PATCH v2 0/7] Dynamic hook interface binding,
Phil Sutter
tcpwrite question,
Byron Mugabi
[PATCH nft 0/3] vlan support updates,
Pablo Neira Ayuso
[PATCH bpf-next 0/4] netfilter: Add the capability to offload flowtable in XDP layer,
Lorenzo Bianconi
[PATCH net] netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu(),
Eric Dumazet
[PATCH net-next] selftests: netfilter: fix packetdrill conntrack testcase,
Florian Westphal
[PATCH nf] netfilter: nfnetlink_queue: fix rcu splat on program exit,
Florian Westphal
[PATCH v3 0/2] netfilter: nfqueue: incorrect sctp checksum,
Antonio Ojea
[PATCH nf-next 00/11] netfilter: nf_tables: reduce transaction log memory usage,
Florian Westphal
- [PATCH nf-next 01/11] netfilter: nf_tables: make struct nft_trans first member of derived subtypes, Florian Westphal
- [PATCH nf-next 02/11] netfilter: nf_tables: move bind list_head into relevant subtypes, Florian Westphal
- [PATCH nf-next 04/11] netfilter: nf_tables: reduce trans->ctx.table references, Florian Westphal
- [PATCH nf-next 03/11] netfilter: nf_tables: compact chain+ft transaction objects, Florian Westphal
- [PATCH nf-next 06/11] netfilter: nf_tables: pass more specific nft_trans_chain where possible, Florian Westphal
- [PATCH nf-next 05/11] netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx, Florian Westphal
- [PATCH nf-next 07/11] netfilter: nf_tables: avoid usage of embedded nft_ctx, Florian Westphal
- [PATCH nf-next 08/11] netfilter: nf_tables: store chain pointer in rule transaction, Florian Westphal
- [PATCH nf-next 09/11] netfilter: nf_tables: reduce trans->ctx.chain references, Florian Westphal
- [PATCH nf-next 10/11] netfilter: nf_tables: pass nft_table to destroy function, Florian Westphal
- [PATCH nf-next 11/11] netfilter: nf_tables: do not store nft_ctx in transaction objects, Florian Westphal
[syzbot] [netfilter?] general protection fault in nf_tproxy_laddr4,
syzbot
[PATCH v2 0/2] netfilter: nfqueue: incorrect sctp checksum,
Antonio Ojea
[PATCH net-next] selftests: netfilter: nft_flowtable.sh: bump socat timeout to 1m,
Florian Westphal
[RFC bpf-next v1 0/4] netfilter: Add the capability to offload flowtable in XDP layer,
Lorenzo Bianconi
[PATCH v4 35/66] selftests/net: Drop define _GNU_SOURCE, Edward Liaw
[PATCH nf-next 0/2] nf_tables: vlan matching & mangling,
Pablo Neira Ayuso
[PATCH v3 37/68] selftests/net: Drop define _GNU_SOURCE, Edward Liaw
Could not process rule: Cannot allocate memory,
Sven Auhagen
[PATCH bpf-next v3 1/2] net: netfilter: Make ct zone opts configurable for bpf ct helpers,
Brad Cowie
[PATCH nf-next] selftests: netfilter: add packetdrill based conntrack tests,
Florian Westphal
[PATCH libnetfilter_queue] Stop a memory leak in nfq_close,
Duncan Roe
[PATCH v4 1/2] ipvs: add READ_ONCE barrier for ipvs->sysctl_amemthresh,
Alexander Mikhalitsyn
nftables with thousands of chains is unreasonably slow,
Neels Hofmeyr
[PATCH net-next] selftests: netfilter: conntrack_tcp_unreplied.sh: wait for initial connection attempt,
Florian Westphal
[nf-next PATCH 0/5] Dynamic hook interface binding,
Phil Sutter
[PATCH net-next 07/15] netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage., Sebastian Andrzej Siewior
[PATCH net-next 0/2] netfilter: nfqueue: incorrect sctp checksum,
Antonio Ojea
[netfilter-nf:under-review 14/18] net/netfilter/nft_set_pipapo.c:2122: warning: expecting prototype for __nft_pipapo_walk(). Prototype was for nft_pipapo_do_walk() instead,
kernel test robot
[syzbot] [netfilter?] WARNING: suspicious RCU usage in br_mst_set_state, syzbot
[PATCH net-next v6 0/8] sysctl: Remove sentinel elements from networking,
Joel Granados via B4 Relay
- [PATCH net-next v6 1/8] net: Remove the now superfluous sentinel elements from ctl_table array, Joel Granados via B4 Relay
- [PATCH net-next v6 2/8] net: ipv{6,4}: Remove the now superfluous sentinel elements from ctl_table array, Joel Granados via B4 Relay
- [PATCH net-next v6 5/8] net: Remove ctl_table sentinel elements from several networking subsystems, Joel Granados via B4 Relay
- [PATCH net-next v6 4/8] net: sunrpc: Remove the now superfluous sentinel elements from ctl_table array, Joel Granados via B4 Relay
- [PATCH net-next v6 6/8] netfilter: Remove the now superfluous sentinel elements from ctl_table array, Joel Granados via B4 Relay
- [PATCH net-next v6 7/8] appletalk: Remove the now superfluous sentinel elements from ctl_table array, Joel Granados via B4 Relay
- [PATCH net-next v6 8/8] ax.25: x.25: Remove the now superfluous sentinel elements from ctl_table array, Joel Granados via B4 Relay
- [PATCH net-next v6 3/8] net: rds: Remove the now superfluous sentinel elements from ctl_table array, Joel Granados via B4 Relay
- Re: [PATCH net-next v6 0/8] sysctl: Remove sentinel elements from networking, Sabrina Dubroca
[PATCH net-next] selftests: netfilter: nft_concat_range.sh: reduce debug kernel run time,
Florian Westphal
[libnetfilter_log] fix bug in race condition of calling nflog_open from different threads at same time,
Evgen Bendyak
[PATCH nft v3 0/2] Support for variables in map expressions,
Jeremy Sowden
[PATCH net-next] selftests: netfilter: avoid test timeouts on debug kernels,
Florian Westphal
[PATCH libnetfilter_queue] Update .gitignore, Duncan Roe
[libnetfilter_conntrack PATCH] conntrack: bsf: Do not return -1 on failure,
Phil Sutter
[PATCH v5 0/8] sysctl: Remove sentinel elements from networking,
Joel Granados via B4 Relay
[PATCH v3] ipvs: Fix checksumming on GSO of SCTP packets,
Ismael Luceno
[PATCH] conntrackd: helpers/rpc: Don't add expectation table entry for portmap port,
pda Pfeil Daniel
[PATCH nf-next v2 0/8] nft_set_pipapo: remove cannot-fail allocations on commit and abort,
Florian Westphal
[PATCH v4 0/8] sysctl: Remove sentinel elements from networking,
Joel Granados via B4 Relay
[iptables][PATCHv2] configure: Add option to enable/disable libnfnetlink,
Alexander Kanavin
[nft PATCH 1/2] doc: nft.8: Fix markup in ct expectation synopsis,
Phil Sutter
[nft PATCH] tests: shell: Fix for maps/typeof_maps_add_delete with ASAN,
Phil Sutter
[nft PATCH] json: Fix for memleak in __binop_expr_json,
Phil Sutter
[PATCH nf] netfilter: nf_tables: honor table dormant flag from netdev release event path, Pablo Neira Ayuso
[iptables][PATCH] configure: Add option to enable/disable libnfnetlink,
Alexander Kanavin
[PATCH v2 net-next] tools: testing: selftests: prefer TEST_PROGS for conntrack_dump_flush,
Florian Westphal
[PATCH bpf-next v2 1/2] net: netfilter: Make ct zone opts configurable for bpf ct helpers,
Brad Cowie
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
